sudo/TROUBLESHOOTING

Troubleshooting tips for CU sudo
================================

Q) Sudo compiles but when I run it I get "Sorry, sudo must be setuid root."
   and sudo quits.
A) Sudo must be setuid root to do its work.  You need to do something like
   `chmod 4111 /usr/local/bin/sudo'.  Also, the filesystem sudo resides
   on must *not* be mounted with the nosuid mount option or sudo will
   not be able to work.

Q) Sudo is setup to log via syslog(3) but I'm not getting any log
   messages.
A) Make sure you have an entry in your syslog.conf file to save
   the sudo messages.  The default log facility is local2
   (configurable in options.h) so you would want something like:
	local2.debug				/var/adm/sudo.log
   or
	local2.debug				@loghost
    depending whether you want to forward the messages to another
    host or keep them locally.

Q) When sudo asks me for my password it never accepts what I enter even
   though I know I entered my password correctly.
A) Try running configure with the --with-getpass option.  After this
   when you build sudo it will use the system's getpass() routine instead
   of sudo's own version.  If that doesn't work, and your OS uses shadow
   passwords, re-run configure and add the --with-C2 option.  Configure
   tries to guess whether or not you are using shadow passwords but
   it is not bulletproof.
   (see the INSTALL doc for a list of OS's that sudo knows how to get
   shadow password info for).

Q) Sudo says that it cannot read the sudoers file even though the
   path it says is correct.
A) If the sudoers file lives on an NFS-mounted partition that partition
   needs to be exported as root to the host in question unless you
   have set SUDOERS_OWNER to something other than root.  An easy test
   is to see if "cat /path/to/sudoers" works as root.  If not, then
   you have the aforementioned problem.  See the entry for SUDOERS_OWNER
   in the OPTIONS file.

Q) I don't run sendmail on my machine.  Does this mean that I cannot
   use sudo?
A) No, you just need to comment out the MAILER #define in options.h.

Q) When I run visudo it uses vi as the editor and I hate vi.  How
   can I make it use another editor?
A) Your best bet is to enable the ENV_EDITOR option in options.h.
   This will make visudo use the editor specified by the user's
   EDITOR environmental variable.  Alternately, you can change the
   default editor by setting the EDITOR macro in options.h to
   the editor of your choice.

Q) Sudo appears to be removing some variables from my environment, why?
A) Sudo removes the following "dangerous" environmental variables
   to guard against shared library spoofing, shell voodoo, and
   kerberos server spoofing.
     IFS
     LD_*
     _RLD_*
     SHLIB_PATH (HP-UX only)
     LIB_PATH (AIX only)
     KRB_CONF (kerberos only)

Q) I can't get the s/key support to work, whatever I do sudo won't
   accept my key.  I had to run configure with --with-getpass,
   could that have something to do with it?
A) Yes, the s/key support requires that you use tgetpass() since
   most system getpass()'s only grab eight characters or so
   and s/key needs much mroe than that.  It should be possible
   to get tgetpass() to work, send mail to sudo-bugs@cs.colorado.edu
   if you need help.
added 3 entries 1995-11-26 02:23:40 +00:00			`Troubleshooting tips for CU sudo`
			`================================`
Initial revision 1995-03-29 23:17:38 +00:00
updated 1995-03-30 04:49:03 +00:00			`Q) Sudo compiles but when I run it I get "Sorry, sudo must be setuid root."`
			`and sudo quits.`
Initial revision 1995-03-29 23:17:38 +00:00			`A) Sudo must be setuid root to do its work. You need to do something like`
added 2 more entries 1995-11-26 18:47:43 +00:00			`chmod 4111 /usr/local/bin/sudo'. Also, the filesystem sudo resides
updated shadow passwords blurb 1995-09-10 17:56:19 +00:00			`on must not be mounted with the nosuid mount option or sudo will`
			`not be able to work.`
Initial revision 1995-03-29 23:17:38 +00:00
added section on syslog 1996-01-07 19:26:25 +00:00			`Q) Sudo is setup to log via syslog(3) but I'm not getting any log`
			`messages.`
			`A) Make sure you have an entry in your syslog.conf file to save`
			`the sudo messages. The default log facility is local2`
			`(configurable in options.h) so you would want something like:`
			`local2.debug /var/adm/sudo.log`
			`or`
			`local2.debug @loghost`
			`depending whether you want to forward the messages to another`
			`host or keep them locally.`

Initial revision 1995-03-29 23:17:38 +00:00			`Q) When sudo asks me for my password it never accepts what I enter even`
			`though I know I entered my password correctly.`
			`A) Try running configure with the --with-getpass option. After this`
			`when you build sudo it will use the system's getpass() routine instead`
updated shadow passwords blurb 1995-09-10 17:56:19 +00:00			`of sudo's own version. If that doesn't work, and your OS uses shadow`
			`passwords, re-run configure and add the --with-C2 option. Configure`
			`tries to guess whether or not you are using shadow passwords but`
			`it is not bulletproof.`
Initial revision 1995-03-29 23:17:38 +00:00			`(see the INSTALL doc for a list of OS's that sudo knows how to get`
			`shadow password info for).`
added 3 entries 1995-11-26 02:23:40 +00:00
			`Q) Sudo says that it cannot read the sudoers file even though the`
			`path it says is correct.`
			`A) If the sudoers file lives on an NFS-mounted partition that partition`
			`needs to be exported as root to the host in question unless you`
			`have set SUDOERS_OWNER to something other than root. An easy test`
			`is to see if "cat /path/to/sudoers" works as root. If not, then`
			`you have the aforementioned problem. See the entry for SUDOERS_OWNER`
			`in the OPTIONS file.`

			`Q) I don't run sendmail on my machine. Does this mean that I cannot`
			`use sudo?`
			`A) No, you just need to comment out the MAILER #define in options.h.`

			`Q) When I run visudo it uses vi as the editor and I hate vi. How`
			`can I make it use another editor?`
			`A) Your best bet is to enable the ENV_EDITOR option in options.h.`
			`This will make visudo use the editor specified by the user's`
			`EDITOR environmental variable. Alternately, you can change the`
			`default editor by setting the EDITOR macro in options.h to`
			`the editor of your choice.`
added 2 more entries 1995-11-26 18:47:43 +00:00
			`Q) Sudo appears to be removing some variables from my environment, why?`
			`A) Sudo removes the following "dangerous" environmental variables`
			`to guard against shared library spoofing, shell voodoo, and`
			`kerberos server spoofing.`
			`IFS`
			`LD_*`
			`_RLD_*`
			`SHLIB_PATH (HP-UX only)`
			`LIB_PATH (AIX only)`
			`KRB_CONF (kerberos only)`

			`Q) I can't get the s/key support to work, whatever I do sudo won't`
			`accept my key. I had to run configure with --with-getpass,`
			`could that have something to do with it?`
			`A) Yes, the s/key support requires that you use tgetpass() since`
			`most system getpass()'s only grab eight characters or so`
			`and s/key needs much mroe than that. It should be possible`
			`to get tgetpass() to work, send mail to sudo-bugs@cs.colorado.edu`
			`if you need help.`